• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Clients Bypassing Proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Clients Bypassing Proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
Clients Bypassing Proxy - 26.May2009 6:48:38 AM   
VulcanX

 

Posts: 3
Joined: 26.May2009
Status: offline
Hey guys im new to the forum but have a ISA Server 2006 Enterprise setup, i set it up manually so not too clued up on the white papers and how it should be done.
The problem im having is that when the clients input the router address into the default gateway with a valid DNS server they get direct internet access, i have zero clue and tried to block the router address so that no traffic could go through to it, and then tried to play around with the filtering and not too sure what to change, i have setup authentication linking to domain accounts for the proxy and extension blocking. What are the ways that i can force the clients (which have admin rights) to stop bypassing my proxy? Its a serious issue and i have linked the cables up correctly as well, one link going to the ISA server from the router and the other going from the server into the switch, so that people dont get full access. What can be done? Im using a Juniper router which i have zero access to (console access).
Thanks so much for the help

Edit: I also tried to change the condition so that Domain User accounts from the Domain are only allowed HTTP access and still no luck, im really running out of ideas.

< Message edited by VulcanX -- 26.May2009 6:50:22 AM >
Post #: 1
RE: Clients Bypassing Proxy - 26.May2009 11:37:06 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

it seems your clients requests are not passing through ISA firewall. Can you provide a basic network diagram?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to VulcanX)
Post #: 2
RE: Clients Bypassing Proxy - 26.May2009 12:15:30 PM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
How many nics?

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to paulo.oliveira)
Post #: 3
RE: Clients Bypassing Proxy - 27.May2009 10:25:29 AM   
VulcanX

 

Posts: 3
Joined: 26.May2009
Status: offline
Ok i have 2 NICs on the proxy server itself, one is linked up the switch (which then in the whole network links to everything) and the other is directly into the router.
My network is laid out as follows, all clients connect to switches, the switches then connect to the MAIN switch, its very old but cash was tight and i had to make it work. Only when the default gateway is configured to have the routers address can they do that, other than that it shouldnt be possible as my DHCP gives out addresses with the correct proxy default gateway which allows the proxy to come into play. So with all that said, how do i ensure that the clients go through the proxy? I was thinking of putting in a Security Policy for the IP Config so that the users cant change the IP addresses, but they are admins so they can obviously work a way around it.
Oh and i also have routing happening with the ISA between my 2 NICs in order to FORCE users through the proxy but its not limiting the guys who are directly connecting through the Juniper.
Appreciate any help you guys can give me

(in reply to VulcanX)
Post #: 4
RE: Clients Bypassing Proxy - 27.May2009 1:11:44 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

it seems you have to diffrent gateways (ISA firewall and Juniper). To force ISA pass through ISA, you have to let just one gateway on your network.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to VulcanX)
Post #: 5
RE: Clients Bypassing Proxy - 1.Jun.2009 5:12:27 AM   
VulcanX

 

Posts: 3
Joined: 26.May2009
Status: offline
Thnx for the reply Paulo, i just want to find out how i could go about getting one gateway only, as i tried my aboslute best to get it working and forcing the users to go through the ISA server but bcoz of the routing i have between the one IP range to the other, its routing the requests directly to the router, which isnt correct at all, and i cant configure the juniper as its hosted by another company which means they look after it for us. So how do i proceed here?

*Super confused with this issue*

Thanks a lot for any replies
Tim K

(in reply to paulo.oliveira)
Post #: 6
RE: Clients Bypassing Proxy - 2.Jun.2009 10:58:34 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

can you provide a network diagram?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to VulcanX)
Post #: 7
RE: Clients Bypassing Proxy - 10.Jul.2009 7:15:49 AM   
zakfleming

 

Posts: 23
Joined: 10.Jul.2009
Status: offline
If you have a hardware firewall at the top of your network, block port 80 and 443 on all clients apart from the ISA server. This will solve your problem.

Z

(in reply to paulo.oliveira)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Clients Bypassing Proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts